Answered: [Security threat] tags are not sanitized in extra question field

Post date: 2020-07-01 00:44:51
Views: 192

Hey q2apro, I think you are testing the default q_view_extra($q_view); function.

The default function is still safe. But if you pull the content from the database, it's not safe.

First, look! The script is stored in the database.

(screenshot: database)

Second, if you create a function to pull that content from the database:

public function q_item_extra($q_item)
{
    $postidz = $q_item['raw']['postid'];

    // Read the stored extra-field value directly from ^postmetas
    $extra = qa_db_read_one_value(qa_db_query_sub(
        'SELECT content FROM ^postmetas WHERE title="qa_q_extra" AND postid=#',
        $postidz
    ), true);

    //$extra = $q_item['extra']['content'];

    // Raw database value is output without escaping
    $this->output('My info:' . $extra);
}

Here's the result:

(screenshot: test)

I hope you'll get my point.
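The same theme override, rewritten as an added example (not the poster's or the Q2A project's code) so that the value read from ^postmetas is HTML-escaped at the output boundary. It assumes the Q2A core helper qa_html(), which escapes &, <, >, " and ', is available inside a qa-theme.php that extends qa_html_theme_base.

```php
<?php
// Added example: hardened version of the q_item_extra() override shown above.
// Assumes Q2A's qa_html() helper is available (it is, inside an advanced theme).
class qa_html_theme extends qa_html_theme_base
{
    public function q_item_extra($q_item)
    {
        $postid = $q_item['raw']['postid'];

        // Value straight from the database: nothing has sanitized it yet,
        // so it must be treated as untrusted text, not as markup.
        $extra = qa_db_read_one_value(qa_db_query_sub(
            'SELECT content FROM ^postmetas WHERE title="qa_q_extra" AND postid=#',
            $postid
        ), true);

        if ($extra === null || $extra === '') {
            return;
        }

        // Escape at the point of output; stored tags are rendered literally,
        // which is what the core q_view_extra() already does for you.
        $this->output('<div class="qa-q-item-extra">My info: ' . qa_html($extra) . '</div>');
    }
}
```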
